Mac Sonoma security updates

Summary

Apple has released security updates regarding vulnerabilities. These updates are now within version 14.3 Sonoma.

Affected products

The following products received a security patch with a description from Apple on what the vulnerability allowed to.

• Apple Neural Engine, CVE-2024-23212, “An app may be able to execute arbitrary code with kernel privileges”
• CoreCrypto, CVE-2024-23218, “An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key”
• Finder, CVE-2024-23224, “An app may be able to access sensitive user data”
• Kernel, CVE-2024-23208, “An app may be able to execute arbitrary code with kernel privileges”
• LLVM, CVE-2024-23209, “Processing web content may lead to arbitrary code execution”
• Mail Search, CVE-2024-23207, “An app may be able to access sensitive user data”
• NSSpellChecker, CVE-2024-23223, “An app may be able to access sensitive user data”
• Safari, CVE-2024-23211, “A user’s private browsing activity may be visible in Settings”
• Shortcuts, CVE-2024-23204 and CVE-2024-23203, “A shortcut may be able to use sensitive data with certain actions without prompting the user”
• TCC, CVE-2024-23215, “An app may be able to access user-sensitive data”
• Time Zone, CVE-2024-23210, “An app may be able to view a user’s phone number in system logs”
• WebKit,
  • CVE-2024-23206, “A maliciously crafted webpage may be able to fingerprint the user”
  • CVE-2024-23213, “Processing web content may lead to arbitrary code execution”
  • CVE-2024-23214, “Processing maliciously crafted web content may lead to arbitrary code execution”
  • CVE-2024-23222, “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.”

More information can be found here